We previously issued a briefing on the Court of Justice of the European Union’s (CJEU) ruling that declared all transfers of personal data from the EU to the United States under the U.S.-EU Safe Harbor Framework, including those conducted by vendors or suppliers, immediately invalid. On 14 October 2015, we presented a webinar on this topic, including a practical discussion of the impact and potential solutions. Moving forward, companies should evaluate the following frequently asked questions to help mitigate the potential risk of exposure when transferring data internationally.
- I’m Safe Harbor certified and have seen news articles reporting that “Safe Harbor is invalid”. What does that mean?
- When does the court’s decision come into effect?
Safe Harbor self-certified organisations
- Do I need to stop all international data transfers?
- I still need to transfer data from the EU to the United States, what should I do?
- Has any official guidance been released regarding the implications of the court’s decision?
What are our next steps?
- Do you know what data you collect?
- Do you know what data you send to the United States?
- Do you know what services your suppliers/vendors supply?
- What do I do if I receive something from my supplier asking me to sign?
- I need more advice; what are Model Clauses, Binding Corporate Rules etc.?!
Organisations that are not Safe Harbor certified
- My business is not Safe Harbor certified – does that mean I can ignore this ruling?
- Can I still transfer data to suppliers that are Safe Harbor certified?
- Are any guidance notes available?
Client here to read our answers to the above questions in our issued Client Alert.